North Korea Linked Hackers Used LinkedIn to Get Into European Defense Firms, Claim Security Experts

Threat actors posed as recruiters for US firms in order to deceive employees of European defense firms and break into their networks

From the Sony hack to the security threats that surfaced during the Coronavirus pandemic, North Korean cybercriminals have been on the prowl at every opportunity. Now, researchers at the cyber security firm ESET have found that North Korean hackers, disguised as recruiters, are trying to break into European defense firms.

The cybercriminals from North Korea, where every institution, from the media to the public, is under the control of Supreme Leader Kim Jong Un, have recently posed on LinkedIn as recruiters working for the US defense giants Collins Aerospace and General Dynamics in order to break into the networks of military contractors in Europe, the researchers revealed.


Using Social Media as a Medium for Hacking

According to their findings, the cyberspies compromised the systems of at least two aerospace and defense firms in Central Europe last year. To gain a foothold, the hackers began approaching employees with fake job offers from US firms.

The Slovakia-based cybersecurity firm ESET observed that the attackers then used LinkedIn's private message feature to send documents containing malicious code to the employees, who were tricked into opening them, said Jean-Ian Boutin, the head of threat research.

ESET did not reveal the names of the victims, citing client confidentiality, and said it was unclear whether any information had been stolen. Boutin said, "This is the first case I am aware of where LinkedIn was used to deliver the malware itself."

The security company was also unable to determine the identity of the threat actors, but said the hackers had some links to the North Korean group Lazarus, which is claimed to have been planning a massive phishing attack from June 20 targeting six major countries.


The Notorious Lazarus Group

This hacking group has been accused by US prosecutors of orchestrating a string of high-profile cyber-attacks on victims including Sony Pictures and the Central Bank of Bangladesh. As reported earlier by IBTimes Singapore, CYFIRMA, a threat intelligence and cybersecurity platform, has exposed the malicious plans of the Lazarus Group.

CYFIRMA revealed that the cybercriminals were planning to launch broader phishing attacks disguised as COVID-19 relief efforts against six countries, including Singapore, the U.S., and the U.K., targeting more than five million individuals and businesses (small, medium, and large enterprises). The hackers planned to launch the campaign on Saturday, June 20 by sending phishing emails.

Cybersecurity expert Jeffrey Kok, Vice President Solution Engineers for Asia Pacific and Japan at CyberArk, told IBTimes Singapore that companies should proactively manage and rotate high-value 'privileged' credentials and limit user access to only the information and tools needed to perform their immediate role.

Here's what he said:

Phishing remains probably the malicious attacker's number one way of potentially accessing confidential information. For the individual, this can mean compromised personal details, which is damaging but usually limited in scale.

However, for attacks that target businesses, the effects can be much more wide-ranging. Once a foothold in a business is established through a successful phish, critical data and assets within the business are all at risk if the attack is not contained. This could include customer data files, financial information or even result in the IT infrastructure being taken down.

To meet this challenge, businesses should consider adopting privileged access management to prevent the lateral spread of an attack. By proactively managing and rotating high-value 'privileged' credentials and limiting user access to only the information and tools needed to perform their immediate role, an attacker's route to critical data and assets can be contained, reducing their ability to exfiltrate information or disrupt operations.
